Stories by Lucian Constantin

BitTorrent programs can be abused to amplify distributed denial-of-service attacks

Attackers could launch crippling attacks by reflecting the traffic through millions of computers running BitTorrent programs

Zero-day flaw in Google Admin app allows malicious apps to read its files

An unpatched vulnerability in the Google Admin application for Android can allow rogue applications to steal credentials that could be used to access Google for Work acccounts.

Cisco warns customers about attacks installing rogue firmware on networking gear

Installing rogue firmware on embedded devices has long been a concern for security researchers, and it seems that such attacks have started to gain ground with hackers.

Ten scary hacks I saw at Black Hat and DEF CON

Security researchers and hackers gathered in Las Vegas over the past week to show off and learn about the latest vulnerabilities that affect devices and software that the world relies on every day. Black Hat and DEF CON, the world's top security conferences, did not disappoint.

Design flaw in Intel processors opens door to rootkits, researcher says

A design flaw in the x86 processor architecture dating back almost two decades could allow attackers to install a rootkit in the low-level firmware of computers, a security researcher said Thursday. Such malware could be undetectable by security products.

Internal LTE/3G modems can be hacked to help malware survive OS reinstalls

With their own dedicated processor and operating system, LTE/3G modems built into new business laptops and tablets could be a valuable target for hackers by providing a stealthy way to maintain persistent access to an infected device.

Researchers find way to steal Windows Active Directory credentials from the Internet

An attack using the SMB file sharing protocol that has been believed to work only within local area networks for over a decade can also be executed over the Internet, two researchers showed at the Black Hat security conference.

Hackers show off long-distance Wi-Fi radio proxy at DEF CON

A talk about a radio-based privacy device dubbed ProxyHam that promised to allow hackers to connect to Wi-Fi networks from as far as 2.5 miles away was abruptly pulled from the DEF CON schedule by its creator a few weeks ago.

Attackers could take over Android devices by exploiting built-in remote support apps

Many smart phone manufacturers preload remote support tools on their Android devices in an insecure way, providing a method for hackers to take control of the devices through rogue apps or even SMS messages.

Attackers could use Internet route hijacking to get fraudulent HTTPS certificates

Inherent insecurity in the routing protocol that links networks on the Internet poses a direct threat to the infrastructure that secures communications between users and websites.

File sync services provide covert way to control hacked computers

File synchronization services, used to accommodate roaming employees inside organizations, can also be a weak point that attackers could exploit to remain undetected inside compromised networks.

Hacker steals Bitdefender customer log-in credentials, attempts blackmail

A hacker extracted customer log-in credentials from a server owned by Bitdefender that hosted the cloud-based management dashboards for its small and medium-size business clients.

Researchers improve de-anonymization attacks for websites hiding on Tor

Researchers have developed a new technique that could allow attackers to determine with a high degree of accuracy which Tor websites users are accessing and where those websites are hosted.

Critical BIND denial-of-service flaw could disrupt large portions of the Internet

Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users.

OPM, Anthem hackers reportedly also breached United Airlines

The cyberespionage group that stole the personal records of millions of Americans from U.S. health insurer Anthem and the U.S. Office of Personnel Management (OPM) has also reportedly breached United Airlines.

CIO
ARN
Techworld
CMO